SECURITY DISCLOSURE POLICY
BrickSpace / BrickSpace Server
Copyright (c) 2019-2026 InSpace Software. All rights reserved.
This Security Disclosure Policy describes how security vulnerabilities
related to BrickSpace and other InSpace Software services should be
reported and handled.
Last updated: December 28, 2025
------------------------------------------------------------
1. COMPANY INFORMATION
------------------------------------------------------------
InSpace Software
De Vechtborg 47
7772 WK Hardenberg
The Netherlands
Email: security@inspacesoftware.com
Website: https://brickspace.app
Legal: https://brickspace.app/legal
------------------------------------------------------------
2. SCOPE
------------------------------------------------------------
This policy applies to all services, applications, and infrastructure
operated by InSpace Software, including but not limited to the following
domains:
- brickspace.app
- api.brickspace.app
- *.brickspace.app
------------------------------------------------------------
3. RESPONSIBLE DISCLOSURE
------------------------------------------------------------
InSpace Software encourages the responsible disclosure of security
vulnerabilities.
Security researchers and other parties acting in good faith, who avoid
privacy violations, data destruction, and service disruption, will not be
subject to legal action under applicable laws for activities conducted in
accordance with this policy.
------------------------------------------------------------
4. REPORTING GUIDELINES
------------------------------------------------------------
Security issues should be reported via email to:
security@inspacesoftware.com
Reports should include sufficient information to allow the issue to be
reproduced and evaluated, including where possible:
- Affected systems or endpoints
- Steps to reproduce the issue
- Proof-of-concept details
- Potential impact assessment
Automated scanning, denial-of-service testing, or exploitation beyond a
minimal proof-of-concept is strictly prohibited.
------------------------------------------------------------
5. ENCRYPTED COMMUNICATION (PGP)
------------------------------------------------------------
Reporters may use encrypted email when submitting vulnerability reports.
A public PGP key for security@inspacesoftware.com may be obtained via the
canonical security contact file or upon request.
PGP-Key: https://packages.brickspace.app/common/keys/inspacesoftware-security.pgp.asc
PGP-Fingerprint: 57C22DB4725155F82BB55C69045DDFC71D2E0A74
------------------------------------------------------------
6. RESPONSE EXPECTATIONS
------------------------------------------------------------
We aim to acknowledge valid vulnerability reports within five (5)
business days.
Where appropriate, we will provide status updates during investigation
and remediation. Resolution timelines may vary depending on severity,
complexity, and operational impact.
------------------------------------------------------------
7. BUG BOUNTY PROGRAM
------------------------------------------------------------
InSpace Software does not currently operate a bug bounty or monetary
reward program.
The absence of a bug bounty does not affect our commitment to addressing
valid security reports submitted in accordance with this policy.
------------------------------------------------------------
8. SAFE HARBOR
------------------------------------------------------------
Any activities conducted in accordance with this policy will be considered
authorized.
This policy does not grant permission for activities that violate
applicable laws, compromise customer data, disrupt services, or exceed
the scope of responsible disclosure.
------------------------------------------------------------
9. CANONICAL SECURITY CONTACT
------------------------------------------------------------
The canonical location for our security contact information is:
https://packages.brickspace.app/common/legal/brickspace-security-discloser-policy.txt
------------------------------------------------------------
10. CHANGES TO THIS POLICY
------------------------------------------------------------
This Security Disclosure Policy may be updated from time to time. Updates
will be published via the legal section of our website.
------------------------------------------------------------
11. ENTIRE AGREEMENT
------------------------------------------------------------
This policy forms part of the legal framework governing the use of
InSpace Software services, together with the Terms of Service, Privacy
Policy, Cookie Policy, End User License Agreement, and Data Processing
Addendum.
If any provision of this policy is held to be invalid or unenforceable,
the remaining provisions shall remain in full force and effect.
------------------------------------------------------------
END OF SECURITY DISCLOSURE POLICY
------------------------------------------------------------
BrickSpace / BrickSpace Server
Copyright (c) 2019-2026 InSpace Software. All rights reserved.
This Security Disclosure Policy describes how security vulnerabilities
related to BrickSpace and other InSpace Software services should be
reported and handled.
Last updated: December 28, 2025
------------------------------------------------------------
1. COMPANY INFORMATION
------------------------------------------------------------
InSpace Software
De Vechtborg 47
7772 WK Hardenberg
The Netherlands
Email: security@inspacesoftware.com
Website: https://brickspace.app
Legal: https://brickspace.app/legal
------------------------------------------------------------
2. SCOPE
------------------------------------------------------------
This policy applies to all services, applications, and infrastructure
operated by InSpace Software, including but not limited to the following
domains:
- brickspace.app
- api.brickspace.app
- *.brickspace.app
------------------------------------------------------------
3. RESPONSIBLE DISCLOSURE
------------------------------------------------------------
InSpace Software encourages the responsible disclosure of security
vulnerabilities.
Security researchers and other parties acting in good faith, who avoid
privacy violations, data destruction, and service disruption, will not be
subject to legal action under applicable laws for activities conducted in
accordance with this policy.
------------------------------------------------------------
4. REPORTING GUIDELINES
------------------------------------------------------------
Security issues should be reported via email to:
security@inspacesoftware.com
Reports should include sufficient information to allow the issue to be
reproduced and evaluated, including where possible:
- Affected systems or endpoints
- Steps to reproduce the issue
- Proof-of-concept details
- Potential impact assessment
Automated scanning, denial-of-service testing, or exploitation beyond a
minimal proof-of-concept is strictly prohibited.
------------------------------------------------------------
5. ENCRYPTED COMMUNICATION (PGP)
------------------------------------------------------------
Reporters may use encrypted email when submitting vulnerability reports.
A public PGP key for security@inspacesoftware.com may be obtained via the
canonical security contact file or upon request.
PGP-Key: https://packages.brickspace.app/common/keys/inspacesoftware-security.pgp.asc
PGP-Fingerprint: 57C22DB4725155F82BB55C69045DDFC71D2E0A74
------------------------------------------------------------
6. RESPONSE EXPECTATIONS
------------------------------------------------------------
We aim to acknowledge valid vulnerability reports within five (5)
business days.
Where appropriate, we will provide status updates during investigation
and remediation. Resolution timelines may vary depending on severity,
complexity, and operational impact.
------------------------------------------------------------
7. BUG BOUNTY PROGRAM
------------------------------------------------------------
InSpace Software does not currently operate a bug bounty or monetary
reward program.
The absence of a bug bounty does not affect our commitment to addressing
valid security reports submitted in accordance with this policy.
------------------------------------------------------------
8. SAFE HARBOR
------------------------------------------------------------
Any activities conducted in accordance with this policy will be considered
authorized.
This policy does not grant permission for activities that violate
applicable laws, compromise customer data, disrupt services, or exceed
the scope of responsible disclosure.
------------------------------------------------------------
9. CANONICAL SECURITY CONTACT
------------------------------------------------------------
The canonical location for our security contact information is:
https://packages.brickspace.app/common/legal/brickspace-security-discloser-policy.txt
------------------------------------------------------------
10. CHANGES TO THIS POLICY
------------------------------------------------------------
This Security Disclosure Policy may be updated from time to time. Updates
will be published via the legal section of our website.
------------------------------------------------------------
11. ENTIRE AGREEMENT
------------------------------------------------------------
This policy forms part of the legal framework governing the use of
InSpace Software services, together with the Terms of Service, Privacy
Policy, Cookie Policy, End User License Agreement, and Data Processing
Addendum.
If any provision of this policy is held to be invalid or unenforceable,
the remaining provisions shall remain in full force and effect.
------------------------------------------------------------
END OF SECURITY DISCLOSURE POLICY
------------------------------------------------------------